{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. 
Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /te"}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Compose service `with-docker-multi-env-staging` image has no explicit tag", "shortDescription": {"text": "Compose service `with-docker-multi-env-staging` image has no explicit tag"}, "fullDescription": {"text": "Pin the image to a supported version tag or digest, for example python:3.13-slim or image@sha256:..."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKC013", "name": "Database service has no persistent data volume", "shortDescription": {"text": "Database service has no persistent data volume"}, "fullDescription": {"text": "Mount the database data directory to a named Docker volume or managed persistent disk, and document backup and restore testing."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `redis-stack` image uses the latest tag", "shortDescription": {"text": "Compose service `redis-stack` image uses the latest tag"}, "fullDescription": {"text": "Pin to a maintained version tag or digest and update it deliberately through dependency automation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": 
"repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR009", "name": "Dockerfile separates apt update from install", "shortDescription": {"text": "Dockerfile separates apt update from install"}, "fullDescription": {"text": "Combine update and install in the same RUN instruction and clean package indexes in that layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR018", "name": "Database dump or local database file is included in Docker build context", "shortDescription": {"text": "Database dump or local database file is included in Docker build context"}, "fullDescription": {"text": "Move database dumps outside the Docker build context or exclude them with .dockerignore. 
Keep backup and restore artifacts in private object storage or a dedicated backup workflow."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR015", "name": "Docker build context is very large", "shortDescription": {"text": "Docker build context is very large"}, "fullDescription": {"text": "Shrink the build context with .dockerignore, move generated/runtime data outside the build context, and copy only the manifest files needed for cached dependency layers."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "fullDescription": {"text": "Use the secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code.", "shortDescription": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "fullDescription": {"text": "Load the key from an environment variable or a secret manager instead of source code, and add any local file that holds it (for example .env) to .gitignore. Rotate a key that has already been committed, since it remains in the repository history."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "Add a Content-Security-Policy header through the web framework or hosting config. 
For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, img-src, and frame-ancestors."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authenticatio", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. 
For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_README", "name": "No README file found", "shortDescription": {"text": "No README file found"}, "fullDescription": {"text": "Create a README.md with: project name and description, installation instructions, usage examples, configuration options, and contribution guidelines."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": 
""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "Add llms.txt with the product summary, canonical docs, API endpoints, security guidance, and preferred CLI workflow for AI agents."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKC015", "name": "Database service has no healthcheck", "shortDescription": {"text": "Database service has no healthcheck"}, "fullDescription": {"text": "Add a database-native healthcheck such as pg_isready, mysqladmin ping, redis-cli ping, or the vendor's readiness command."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "Keep one authoritative implementation, update imports to point at it, and 
remove or rename the duplicate symbol."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "MINED065", "name": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public re", "shortDescription": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. 
Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-942,CWE-346 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED078", "name": "[MINED078] Eslint Disable File: /* eslint-disable */ at top disables all lint rules for the file.", "shortDescription": {"text": "[MINED078] Eslint Disable File: /* eslint-disable */ at top disables all lint rules for the file."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED074", "name": "[MINED074] Ai Tell Fake Citation (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED074] Ai Tell Fake Citation (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 51 more): Same pattern found in 51 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 51 more): Same pattern found in 51 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 27 more): Same pattern found in 27 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 27 more): Same pattern found in 27 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 13 more): Same pattern found in 13 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html (and 38 more): Same pattern found in 38 additional files. Review if needed.", "shortDescription": {"text": "[MINED058] React Dangerously Set Html (and 38 more): Same pattern found in 38 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 8 more): Same pattern found in 8 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC084] JS: require() with non-literal (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 82 more): Same pattern found in 82 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 82 more): Same pattern found in 82 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 20 more): Same pattern found in 20 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 20 more): Same pattern found in 20 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED011", "name": "[MINED011] Scala Get On Option (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED011] Scala Get On Option (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED051", "name": "[MINED051] Csharp Null Forgive (and 77 more): Same pattern found in 77 additional files. Review if needed.", "shortDescription": {"text": "[MINED051] Csharp Null Forgive (and 77 more): Same pattern found in 77 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED002", "name": "[MINED002] Dart Null Bang (and 120 more): Same pattern found in 120 additional files. Review if needed.", "shortDescription": {"text": "[MINED002] Dart Null Bang (and 120 more): Same pattern found in 120 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED010", "name": "[MINED010] Ruby System Call (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED010] Ruby System Call (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 30 more): Same pattern found in 30 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 30 more): Same pattern found in 30 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. 
Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 14 more): Same pattern found in 14 additional f", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 36 more): Same pattern found in 36 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 36 more): Same pattern found in 36 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8, ::1) and the IPv6 private and link-local ranges (fc00::/7, fe80::/10), apply the check to the address the hostname resolves to, and re-validate after every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. 
`../../../etc/passwd` resolves cleanly."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `const resolved = path.resolve(base, x); if (!resolved.startsWith(path.resolve(base) + path.sep)) throw`. Both checks are lexical; if the base directory can contain symlinks, resolve them first (`filepath.EvalSymlinks` / `fs.realpathSync`) before comparing."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED039", "name": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path.", "shortDescription": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /templates/app-api/js/app/:slu"}, "fullDescription": {"text": "Add ownership, tenant, relationship, or policy checks before reading or mutating the target object."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Use `expose` for service-to-service access, bind to 127.0.0.1 for local-only access, or protect the port with firewall rules."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "Create .dockerignore before using broad context copies, or copy only the required files and directories."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Download the artifact, verify its checksum or signature, pin the version, and then execute it."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED025", "name": "[MINED025] Php Eval: eval() executes arbitrary PHP. Code injection.", "shortDescription": {"text": "[MINED025] Php Eval: eval() executes arbitrary PHP. Code injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED024", "name": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk.", "shortDescription": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED015", "name": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. Code injection.", "shortDescription": {"text": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. Code injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-95 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED005", "name": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. Code injection.", "shortDescription": {"text": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. Code injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/504"}, "properties": {"repository": "vercel/next.js", "repoUrl": "https://github.com/vercel/next.js.git", "branch": "canary"}, "results": [{"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. 
Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 30664, "scanner": "repobility-threat-engine", "fingerprint": "64649f79f7a9254a7f7bde8d52c2a89da52d7f1ca97af3081bc7f687809cd15e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "key={Math.random(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|64649f79f7a9254a7f7bde8d52c2a89da52d7f1ca97af3081bc7f687809cd15e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-mqtt-js/app/page.tsx"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 30645, "scanner": "repobility-threat-engine", "fingerprint": "392ea839ad7f4cf6fc5af92c9b85315df2b74e14508328c68fd9220479b378af", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Foo Bar\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|392ea839ad7f4cf6fc5af92c9b85315df2b74e14508328c68fd9220479b378af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/api-routes-apollo-server/pages/api/graphql.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 30531, "scanner": "repobility-threat-engine", "fingerprint": "9d0d118139bdcf38b8d0eb1ab0129b3c70c1fdad0468c8f2dfbe2df0ff7eebd9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'John Doe'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9d0d118139bdcf38b8d0eb1ab0129b3c70c1fdad0468c8f2dfbe2df0ff7eebd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/basic-app/pages/api/page-api.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 30530, "scanner": "repobility-threat-engine", "fingerprint": "b64609ff959f2e9cfe43afe684ec6f0f906a39f8793eba84c6e717e0e316b396", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'John Doe'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b64609ff959f2e9cfe43afe684ec6f0f906a39f8793eba84c6e717e0e316b396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/basic-app/app/api/app/route.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 29907, "scanner": "repobility-journey-contract", "fingerprint": "f9b5d28782213b926d28dc8ae4798ccfde14916687a4355969130a68cac179f5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/{param}", "correlation_key": "fp|f9b5d28782213b926d28dc8ae4798ccfde14916687a4355969130a68cac179f5", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/next/src/shared/lib/router/utils/sortable-routes.ts"}, "region": {"startLine": 156}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API 
reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 29906, "scanner": "repobility-journey-contract", "fingerprint": "18e4355d825b0f5e33821c222d6a633210e2bfa25fcbb00b9162d212043174d2", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/{param}", "correlation_key": "fp|18e4355d825b0f5e33821c222d6a633210e2bfa25fcbb00b9162d212043174d2", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/next/src/shared/lib/router/utils/sortable-routes.ts"}, "region": {"startLine": 155}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 29905, "scanner": "repobility-journey-contract", "fingerprint": "16afd97464049ce1b8745c64d173a7a346c70ebb8a5c2a105f45ffdf87e4ff36", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/users", "correlation_key": "fp|16afd97464049ce1b8745c64d173a7a346c70ebb8a5c2a105f45ffdf87e4ff36", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/next/src/shared/lib/router/utils/sortable-routes.ts"}, "region": {"startLine": 154}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend 
API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 29904, "scanner": "repobility-journey-contract", "fingerprint": "27708207f9d74d65c9ef92aa22501f02ec4bd6a5284349ae491f8c4eac20aa5d", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/users", "correlation_key": "fp|27708207f9d74d65c9ef92aa22501f02ec4bd6a5284349ae491f8c4eac20aa5d", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/next/src/shared/lib/router/utils/sortable-routes.ts"}, "region": {"startLine": 88}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 29903, "scanner": "repobility-journey-contract", "fingerprint": "8a4bb8b9568811155a3c9fa906dc6519aaaf252961c689da7ad52f5fb56045cf", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/{param}", "correlation_key": "fp|8a4bb8b9568811155a3c9fa906dc6519aaaf252961c689da7ad52f5fb56045cf", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/next/src/shared/lib/router/utils/sortable-routes.ts"}, "region": {"startLine": 72}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend 
API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 29902, "scanner": "repobility-journey-contract", "fingerprint": "3ef9d2f5330bed547cb3192d5252c0460d6d13e089d28156bb53860e9c8189b8", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/users/{param}", "correlation_key": "fp|3ef9d2f5330bed547cb3192d5252c0460d6d13e089d28156bb53860e9c8189b8", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/next/src/shared/lib/router/utils/sortable-routes.ts"}, "region": {"startLine": 71}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 29901, "scanner": "repobility-journey-contract", "fingerprint": "c619a93b41ea4e4b883fee4f7e5f219a1163c4848ddd2fd7535f72d9a58492a7", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/users/{param}", "correlation_key": "fp|c619a93b41ea4e4b883fee4f7e5f219a1163c4848ddd2fd7535f72d9a58492a7", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/next/src/server/lib/router-utils/typegen.ts"}, "region": {"startLine": 1030}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": 
"Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 29900, "scanner": "repobility-journey-contract", "fingerprint": "0311a703fbd2a901cb0a2684e06e668430c6f4b7ca7b1d57420219767a88be47", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/users/{param}", "correlation_key": "fp|0311a703fbd2a901cb0a2684e06e668430c6f4b7ca7b1d57420219767a88be47", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/next/src/server/lib/router-utils/typegen.ts"}, "region": {"startLine": 938}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 29899, "scanner": "repobility-journey-contract", "fingerprint": "0b298a52462996543a112c463314b31fec2cd61276b7a2691c6600c0ee5701a7", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/data", "correlation_key": "fp|0b298a52462996543a112c463314b31fec2cd61276b7a2691c6600c0ee5701a7", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/next/src/client/components/segment-cache/navigation-testing-lock.ts"}, "region": {"startLine": 130}}}]}, {"ruleId": "JRN003", "level": "warning", 
"message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 29898, "scanner": "repobility-journey-contract", "fingerprint": "3a47a686e767d85c054d9dce6eac39a15971267696bf9675f3365c5ee9b68f56", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/edge/route", "correlation_key": "fp|3a47a686e767d85c054d9dce6eac39a15971267696bf9675f3365c5ee9b68f56", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/next/src/cli/internal/static-routes-info.ts"}, "region": {"startLine": 217}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 29897, "scanner": "repobility-journey-contract", "fingerprint": "d6338d81f0a8f9cb8be88aa95066e6a45b82f2238ac93e7a593644d728af3cc5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/products", "correlation_key": "fp|d6338d81f0a8f9cb8be88aa95066e6a45b82f2238ac93e7a593644d728af3cc5", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-021-avoid-fetch-in-effect/app/page.tsx"}, "region": {"startLine": 7}}}]}, {"ruleId": "AUC009", "level": "warning", 
"message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /templates/app-api/js/app/:slug."}, "properties": {"repobilityId": 29896, "scanner": "repobility-access-control", "fingerprint": "5fecf4a514edb978c05bf0f599c640f3e70bbc0c1539b151b13a086e843846e4", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/templates/app-api/js/app/:slug", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / slug /route.js|3|auc009", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/create-next-app/templates/app-api/js/app/[slug]/route.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /templates/app-api/ts/app/:slug."}, "properties": {"repobilityId": 29895, "scanner": "repobility-access-control", "fingerprint": "66dc18f7dedca59f2cc5a81bf4d227e9f7cbf06497686f52df7cceba247e9109", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/templates/app-api/ts/app/:slug", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / slug /route.ts|3|auc009", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/create-next-app/templates/app-api/ts/app/[slug]/route.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /templates/app-api/ts/app."}, "properties": {"repobilityId": 29894, "scanner": "repobility-access-control", "fingerprint": "c7da51e8c0ec11369a3cd3da425e9d75e841b64da3e267e4c01e6fbc01c19349", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. 
Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/templates/app-api/ts/app", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|3|auc009", "duplicate_count": 3, "identity_targets": ["unknown"], "duplicate_rule_ids": ["AUC009"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["2daa46fdf9d249190210a59ea7cd56356d751c9695193ad5a3c3741a500f84c0", "3bd353311c28d37ce43a1df251ccdb15d03cfeaf18158dbbf827dad02ac91014", "c7da51e8c0ec11369a3cd3da425e9d75e841b64da3e267e4c01e6fbc01c19349", "d1b3099cbbdd90829c1a5cd7c796723ca978df04fe5bb406a3187c3cc7a64e22"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/create-next-app/templates/app-api/ts/app/route.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `with-docker-multi-env-staging` image has no explicit tag"}, "properties": {"repobilityId": 29889, "scanner": "repobility-docker", "fingerprint": "1890a41f2b8afcdea2eb3bd474f6db0f5a9596cb3250f8d29bebc2c4bc33864c", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "with-docker-multi-env-staging", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1890a41f2b8afcdea2eb3bd474f6db0f5a9596cb3250f8d29bebc2c4bc33864c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/staging/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `with-docker-multi-env-production` image has no explicit 
tag"}, "properties": {"repobilityId": 29886, "scanner": "repobility-docker", "fingerprint": "cf256401df3f9fb38460fb86feaf23005b02a688f7c359adbc85860bd9268eff", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "with-docker-multi-env-production", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cf256401df3f9fb38460fb86feaf23005b02a688f7c359adbc85860bd9268eff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/production/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `with-docker-multi-env-development` image has no explicit tag"}, "properties": {"repobilityId": 29883, "scanner": "repobility-docker", "fingerprint": "5f7a6c9b1a50579d34e53ff9108de301b330894068ccdb6db32fb7871c5674e0", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "with-docker-multi-env-development", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5f7a6c9b1a50579d34e53ff9108de301b330894068ccdb6db32fb7871c5674e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/development/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service 
`nextjs-static-export-with-serve` image has no explicit tag"}, "properties": {"repobilityId": 29880, "scanner": "repobility-docker", "fingerprint": "086c8b9c5c1a483b705bdea1ecf3c4d3727cb5783579c243191424d051e48f2f", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "nextjs-static-export-serve-image", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|086c8b9c5c1a483b705bdea1ecf3c4d3727cb5783579c243191424d051e48f2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `nextjs-static-export` image has no explicit tag"}, "properties": {"repobilityId": 29877, "scanner": "repobility-docker", "fingerprint": "60c082a35d056b904eb360d5168d3650314dec4d79a2d1379bc281f9c231376c", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "nextjs-static-export-image", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|60c082a35d056b904eb360d5168d3650314dec4d79a2d1379bc281f9c231376c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service 
`nextjs-standalone-with-bun` image has no explicit tag"}, "properties": {"repobilityId": 29874, "scanner": "repobility-docker", "fingerprint": "10e3ab280a1ee3593f4fd19b176ff714db8355a267a2980c9488f8f46148f072", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "nextjs-standalone-bun-image", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|10e3ab280a1ee3593f4fd19b176ff714db8355a267a2980c9488f8f46148f072"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker/compose.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `nextjs-standalone` image has no explicit tag"}, "properties": {"repobilityId": 29871, "scanner": "repobility-docker", "fingerprint": "16c0f2d31d2f190b273ae2b7cebc980ea64eb7a5cecb61adf48a3d313bb8c6f5", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "nextjs-standalone-image", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|16c0f2d31d2f190b273ae2b7cebc980ea64eb7a5cecb61adf48a3d313bb8c6f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker/compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": 
{"repobilityId": 29869, "scanner": "repobility-docker", "fingerprint": "3f29ab5e76804ca0e89139b6c1f5b1a45e362cdd6a006928e62fcbf62571ee0f", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "redis-stack", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|3f29ab5e76804ca0e89139b6c1f5b1a45e362cdd6a006928e62fcbf62571ee0f", "expected_targets": ["/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cache-handler-redis/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `redis-stack` image uses the latest tag"}, "properties": {"repobilityId": 29867, "scanner": "repobility-docker", "fingerprint": "bbc7b3a125ad20e44a678a33588c0ed9f64cd14b8956aea45c637b7879effbc1", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "redis/redis-stack:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|bbc7b3a125ad20e44a678a33588c0ed9f64cd14b8956aea45c637b7879effbc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cache-handler-redis/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 29850, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", 
"severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 29849, "scanner": "repobility-docker", "fingerprint": "9f295dceb89a05f2d49b184c8276d08dfa79db90ac7ad5d7164d383508cec7b6", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "base", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9f295dceb89a05f2d49b184c8276d08dfa79db90ac7ad5d7164d383508cec7b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 29846, "scanner": "repobility-docker", "fingerprint": "c88497a538b7e85efbbc0f0430ced20a93875e9cd12d457c16b6e5f8214c41b5", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package 
installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c88497a538b7e85efbbc0f0430ced20a93875e9cd12d457c16b6e5f8214c41b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "DKR018", "level": "warning", "message": {"text": "Database dump or local database file is included in Docker build context"}, "properties": {"repobilityId": 29845, "scanner": "repobility-docker", "fingerprint": "655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like artifacts are reachable from the Docker build context and are not ignored.", "evidence": {"rule_id": "DKR018", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "database_artifacts": [{"path": "test/e2e/prerender-native-module/data.sqlite", "size_mb": 0.0}]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR015", "level": "warning", "message": {"text": "Docker build context is very large"}, "properties": {"repobilityId": 29844, "scanner": "repobility-docker", "fingerprint": "b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b", "category": "docker", "severity": "medium", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Estimated Docker build context exceeds Repobility's size or file-count threshold.", "evidence": 
{"capped": false, "rule_id": "DKR015", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "largest_paths": [{"path": ".git/objects/pack/pack-4034717aefb1876d029df6d79a714ef33eed6d89.pack", "size_mb": 24.5}, {"path": ".git/objects/pack/pack-5eda673522d581838641cf549502302a98c8eed0.pack", "size_mb": 18.3}, {"path": ".git/index", "size_mb": 4.2}, {"path": "packages/next/src/next-devtools/dev-overlay/app.png", "size_mb": 3.3}, {"path": "examples/with-xata/public/xatafly.gif", "size_mb": 2.6}], "included_files": 28990, "context_size_mb": 193.2, "correlation_key": "fp|b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 29824, "scanner": "repobility-ai-code-hygiene", "fingerprint": "724d5bc98450b320bd9c7d6cb8ac39767dc449ce828e9dd44ca16a29764cdbc5", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|724d5bc98450b320bd9c7d6cb8ac39767dc449ce828e9dd44ca16a29764cdbc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "turbopack/crates/turbo-tasks-backend/src/backend/operation/leaf_distance_update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 29821, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "4a9270b1b2f67616a321598ccc9a54f2cc1f32618428b23fc1d9e18664781f6f", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "update", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "test/production/export/pages/query.js", "correlation_key": "fp|4a9270b1b2f67616a321598ccc9a54f2cc1f32618428b23fc1d9e18664781f6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/production/export/pages/query-update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 29817, "scanner": "repobility-threat-engine", "fingerprint": "4293eaab01006283fe510c963037c0a9e4e660c38a154761551075025975d8b1", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here | [R34 auto-suppress: documentation/example path]", "evidence": {"match": "key={Math.random", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here | [R34 auto-suppress: documentation/example path]", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "code|crypto|token|53|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-mqtt-js/app/page.tsx"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC002", "level": "warning", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 
29816, "scanner": "repobility-threat-engine", "fingerprint": "a7e519c144f835d182d7e982cca8be7148931accca06205c6db4c97953d3739c", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.6 bits) \u2014 may be placeholder or common string | [R34 auto-suppress: documentation/example path]", "evidence": {"match": "API_KEY = \"<redacted>\"", "reason": "Low entropy value (3.6 bits) \u2014 may be placeholder or common string | [R34 auto-suppress: documentation/example path]", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|2|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-algolia-react-instantsearch/components/Search.tsx"}, "region": {"startLine": 27}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 29808, "scanner": "repobility-threat-engine", "fingerprint": "fb60b654b3ed56db5f59ad58432a51488843f8fdc7717b4452b62ac7ee6bcf1b", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fb60b654b3ed56db5f59ad58432a51488843f8fdc7717b4452b62ac7ee6bcf1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/nested-deps/bench.mjs"}, "region": {"startLine": 174}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 29807, "scanner": "repobility-threat-engine", 
"fingerprint": "8529bd465391c04a5738dfe5878da75b7f6300d0d1e5f58fbf526c6c9c9e541c", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8529bd465391c04a5738dfe5878da75b7f6300d0d1e5f58fbf526c6c9c9e541c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/nested-deps-app-router/bench.mjs"}, "region": {"startLine": 179}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 29806, "scanner": "repobility-threat-engine", "fingerprint": "83b7508d3c9e85a9f4bf8c8022d3578a525e69ffb51ac5db2dac88964a4a585b", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|83b7508d3c9e85a9f4bf8c8022d3578a525e69ffb51ac5db2dac88964a4a585b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/nested-deps-app-router-many-pages/bench.mjs"}, "region": {"startLine": 179}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 29802, "scanner": "repobility-threat-engine", "fingerprint": "54c0aaf18c0642de1ff4d2e328d9006c4daf0985144ded7434157c82c9fd3bd6", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|. token|18|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/run/benchmark-url.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 29801, "scanner": "repobility-threat-engine", "fingerprint": "22b7f86abbc9af3303652c86426839eb88ee1de21119eed6f825ec82850a37fc", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|. 
token|11|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/prepare/repo-setup.js"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 29800, "scanner": "repobility-threat-engine", "fingerprint": "85345523d93a15b140fc5815af8964eb8f4fbdaaadc821a1ac2413bdf31b05e2", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|. 
token|40|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/index.js"}, "region": {"startLine": 40}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 29469, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 29468, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": 
"AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /commonjs."}, "properties": {"repobilityId": 29465, "scanner": "repobility-access-control", "fingerprint": "2daa46fdf9d249190210a59ea7cd56356d751c9695193ad5a3c3741a500f84c0", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/commonjs", "method": "ANY", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|3|auc009", "duplicate_count": 1, "identity_targets": ["unknown"], "duplicate_rule_ids": ["AUC009"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["2daa46fdf9d249190210a59ea7cd56356d751c9695193ad5a3c3741a500f84c0", "d1b3099cbbdd90829c1a5cd7c796723ca978df04fe5bb406a3187c3cc7a64e22"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/module-cost/pages/api/commonjs.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /app/commonjs."}, "properties": {"repobilityId": 29464, "scanner": "repobility-access-control", "fingerprint": "14a7d095e39ad8151cadcee62b2e6ef0a1f440f8de515ed481eb8199770ed3d0", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/app/commonjs", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|5|auc009", "duplicate_count": 1, "identity_targets": ["unknown"], "duplicate_rule_ids": ["AUC009"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["14a7d095e39ad8151cadcee62b2e6ef0a1f440f8de515ed481eb8199770ed3d0", "9176e8a34987541dcc9ac845c2bfee3654bf3c5deb25c810ec9941b64970bffd"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/module-cost/app/app/commonjs/route.js"}, "region": {"startLine": 5}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 29463, "scanner": "repobility-access-control", "fingerprint": "b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 8, "correlation_key": "fp|b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "auth_visible_percent": 0.0}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No 
Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 29462, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Express", "Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 29461, "scanner": "repobility-agent-runtime", "fingerprint": "3cd8bd1455c2b31c0698c7385ce12a0f48771e52ed40e3cd7ee4fb1b6eb984cd", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|3cd8bd1455c2b31c0698c7385ce12a0f48771e52ed40e3cd7ee4fb1b6eb984cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_deploy.yml"}, "region": {"startLine": 412}}}]}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 29448, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 29447, "scanner": "repobility-threat-engine", "fingerprint": "085f5a90c449b0c9aca47affbc18c6bcc29b6ec444dd919a3e3743fbdaecfff5", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (err) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|085f5a90c449b0c9aca47affbc18c6bcc29b6ec444dd919a3e3743fbdaecfff5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/vercel/gen-request.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "CORE_NO_README", "level": "warning", "message": {"text": "No README file found"}, "properties": {"repobilityId": 29442, "scanner": "repobility-core", "fingerprint": "b55c73163757fe6b2364bb829fcd26e87b9d9e7b367dd2a3307a814b02b29cbd", "category": "documentation", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"rule_id": "CORE_NO_README", "scanner": "repobility-core", "correlation_key": 
"repo|documentation|core_no_readme"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30566, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cd71c95503aec14cffc744262d6caaebad14b49572429f4922bb6edf9381dc1c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/next_client/context.rs", "duplicate_line": 179, "correlation_key": "fp|cd71c95503aec14cffc744262d6caaebad14b49572429f4922bb6edf9381dc1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_edge/context.rs"}, "region": {"startLine": 135}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 29909, "scanner": "repobility-web-presence", "fingerprint": "b284b7d65b48d43832ed55cb4550ae5a489d8495c5106f9b637397f8bdd4b844", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|b284b7d65b48d43832ed55cb4550ae5a489d8495c5106f9b637397f8bdd4b844"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 29908, "scanner": "repobility-web-presence", 
"fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 29891, "scanner": "repobility-docker", "fingerprint": "4faa0cb5f5439e3c70ab5031f226aa1432982b342c70ba33ccdbbdd96dd7b295", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "with-docker-multi-env-staging", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|4faa0cb5f5439e3c70ab5031f226aa1432982b342c70ba33ccdbbdd96dd7b295"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/staging/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 29890, "scanner": "repobility-docker", "fingerprint": "d2cef3386e09fc288c5dfe8becf538740286d3fad158a8780757fa6c9ba2e286", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user 
setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "with-docker-multi-env-staging", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d2cef3386e09fc288c5dfe8becf538740286d3fad158a8780757fa6c9ba2e286"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/staging/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 29888, "scanner": "repobility-docker", "fingerprint": "53e31f6be5c2aab9fbb3a925c8b7640efaf9dfce2badc65c3a5ff9c051221dc9", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "with-docker-multi-env-production", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|53e31f6be5c2aab9fbb3a925c8b7640efaf9dfce2badc65c3a5ff9c051221dc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/production/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 29887, "scanner": "repobility-docker", "fingerprint": "50ca2549e09f175879c331999564b66b786385c2c63d496b92d352d76858356d", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", 
"scanner": "repobility-docker", "service": "with-docker-multi-env-production", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|50ca2549e09f175879c331999564b66b786385c2c63d496b92d352d76858356d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/production/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 29885, "scanner": "repobility-docker", "fingerprint": "8c391b86036be1c8ba3ac7d390c491785b2544c64d4c50f3af4640b4e12a5079", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "with-docker-multi-env-development", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8c391b86036be1c8ba3ac7d390c491785b2544c64d4c50f3af4640b4e12a5079"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/development/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 29884, "scanner": "repobility-docker", "fingerprint": "c5648698a55d47d096b30de79b7fc62acdfb5fa9a30d439d6f0bc92382cfe8fc", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "with-docker-multi-env-development", "references": 
["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|c5648698a55d47d096b30de79b7fc62acdfb5fa9a30d439d6f0bc92382cfe8fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/development/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 29882, "scanner": "repobility-docker", "fingerprint": "6fe3cc8362260d7a5b74c618e975670d014a6e81b7b8d9267b38adc18188317f", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "nextjs-static-export-with-serve", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6fe3cc8362260d7a5b74c618e975670d014a6e81b7b8d9267b38adc18188317f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 29881, "scanner": "repobility-docker", "fingerprint": "db5f9934f36dd60d96e6c30be7810686da3921aed4686162f189f30b789c1428", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "nextjs-static-export-with-serve", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": 
"fp|db5f9934f36dd60d96e6c30be7810686da3921aed4686162f189f30b789c1428"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 29879, "scanner": "repobility-docker", "fingerprint": "0baaf8431f853e4a672e163f93bb310d7cb48dbfa61a26bb6630ee33572d914c", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "nextjs-static-export", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0baaf8431f853e4a672e163f93bb310d7cb48dbfa61a26bb6630ee33572d914c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 29878, "scanner": "repobility-docker", "fingerprint": "5a351e8ab937f2590feb0abb8f8eb00ae0c6a8cb9abcfd6769686430ababca4a", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "nextjs-static-export", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|5a351e8ab937f2590feb0abb8f8eb00ae0c6a8cb9abcfd6769686430ababca4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"examples/with-docker-export-output/compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 29876, "scanner": "repobility-docker", "fingerprint": "d8e582841eff8c54396e04a08995028449078c1d8ef6f6786d62a5093ae32ac3", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "nextjs-standalone-with-bun", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d8e582841eff8c54396e04a08995028449078c1d8ef6f6786d62a5093ae32ac3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker/compose.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 29875, "scanner": "repobility-docker", "fingerprint": "0d43163800ac392f8bc6e85d3ff0a71f95db8b1a51486eb41572c1176f5da51f", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "nextjs-standalone-with-bun", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0d43163800ac392f8bc6e85d3ff0a71f95db8b1a51486eb41572c1176f5da51f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker/compose.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks 
no-new-privileges hardening"}, "properties": {"repobilityId": 29873, "scanner": "repobility-docker", "fingerprint": "9c29b19013d83551f7d799e8228589d91b25fcbefb1a24775400eb6e9fb76134", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "nextjs-standalone", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9c29b19013d83551f7d799e8228589d91b25fcbefb1a24775400eb6e9fb76134"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker/compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 29872, "scanner": "repobility-docker", "fingerprint": "19f167487ac6939a9368060f82dae5414220cffe03d6d7260890a1099fb86f1d", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "nextjs-standalone", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|19f167487ac6939a9368060f82dae5414220cffe03d6d7260890a1099fb86f1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker/compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 29870, "scanner": "repobility-docker", "fingerprint": "442558ce5b37561516d39a0091c3f1c058a69b2be472f4df81fb3335f2da5dfb", "category": 
"docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "redis-stack", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|442558ce5b37561516d39a0091c3f1c058a69b2be472f4df81fb3335f2da5dfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cache-handler-redis/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 29843, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5c54dd8fa20b90b83b4413f57862cf23d7a8085d91308db6cb998e1bd8ba29ca", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "Page", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "bench/basic-app/app/page.js", "correlation_key": "fp|5c54dd8fa20b90b83b4413f57862cf23d7a8085d91308db6cb998e1bd8ba29ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/e2e/next-image-new/default/pages/missing-alt.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29842, "scanner": "repobility-ai-code-hygiene", "fingerprint": "92c45264b9172da49c6098ba404818b6658270fe6b41ff5a5010b0601a115a56", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code 
window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "evals/evals/agent-022-prefer-server-actions/app/layout.tsx", "duplicate_line": 5, "correlation_key": "fp|92c45264b9172da49c6098ba404818b6658270fe6b41ff5a5010b0601a115a56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-036-after-response/app/layout.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29841, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f6626cffcdce3a1ebdfcbf763e63ff418ea2ddf140e630d5e32f237868750206", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "evals/evals/agent-022-prefer-server-actions/app/layout.tsx", "duplicate_line": 5, "correlation_key": "fp|f6626cffcdce3a1ebdfcbf763e63ff418ea2ddf140e630d5e32f237868750206"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-035-connection-dynamic/app/layout.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29840, "scanner": "repobility-ai-code-hygiene", "fingerprint": "61d97be85713488e50e1a880bcf314adec358d3483ff12b4941fda13b0c92b9f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": 
{"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "evals/evals/agent-022-prefer-server-actions/app/layout.tsx", "duplicate_line": 5, "correlation_key": "fp|61d97be85713488e50e1a880bcf314adec358d3483ff12b4941fda13b0c92b9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-034-async-cookies/app/layout.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29839, "scanner": "repobility-ai-code-hygiene", "fingerprint": "360f1a29b3c0397c1baf7eb961db9bbdb102301e7f270f41bd052a4915341076", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "evals/evals/agent-022-prefer-server-actions/app/layout.tsx", "duplicate_line": 5, "correlation_key": "fp|360f1a29b3c0397c1baf7eb961db9bbdb102301e7f270f41bd052a4915341076"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-033-forbidden-auth/app/layout.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29838, "scanner": "repobility-ai-code-hygiene", "fingerprint": "72424a73f08f22bc4041c3bc5e2966f11790f3fe1c4ca3c749dfd69ca4f03aac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "evals/evals/agent-022-prefer-server-actions/app/layout.tsx", "duplicate_line": 5, "correlation_key": "fp|72424a73f08f22bc4041c3bc5e2966f11790f3fe1c4ca3c749dfd69ca4f03aac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-032-use-cache-directive/app/layout.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29837, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7452ef84064123a494557db319e33b2a88f22363ab5718c9eb794b55fd35614a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "evals/evals/agent-022-prefer-server-actions/app/layout.tsx", "duplicate_line": 5, "correlation_key": "fp|7452ef84064123a494557db319e33b2a88f22363ab5718c9eb794b55fd35614a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-031-proxy-middleware/app/layout.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29836, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7414e69655373d699f73d04343e8346cb6871715783a6cb9272da4b2ba18febd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "evals/evals/agent-022-prefer-server-actions/app/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|7414e69655373d699f73d04343e8346cb6871715783a6cb9272da4b2ba18febd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-029-use-cache-directive/app/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29835, "scanner": "repobility-ai-code-hygiene", "fingerprint": "db0d13aeb13b8274baab80fa6b199161a86e266347e524e70d3605f4abf0ce86", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "evals/evals/agent-022-prefer-server-actions/app/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|db0d13aeb13b8274baab80fa6b199161a86e266347e524e70d3605f4abf0ce86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-027-prefer-next-image/app/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29834, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbde20a8a4b19e5fcf3ad93845f1512909c90c0c807f3e43de353f4c9b23f9fb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"evals/evals/agent-022-prefer-server-actions/app/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|cbde20a8a4b19e5fcf3ad93845f1512909c90c0c807f3e43de353f4c9b23f9fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-026-no-serial-await/app/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29833, "scanner": "repobility-ai-code-hygiene", "fingerprint": "91121df4075d0dc66880e348203fac4a3816f65606afcfb946a3ef042c80b321", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "evals/evals/agent-022-prefer-server-actions/app/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|91121df4075d0dc66880e348203fac4a3816f65606afcfb946a3ef042c80b321"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-025-prefer-next-link/app/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29832, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8c50ea2cb8e962a573aca7c9c8bc0fc53e01069bc8eef63af6bc6aa8ace2002f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "evals/evals/agent-022-prefer-server-actions/app/layout.tsx", 
"duplicate_line": 1, "correlation_key": "fp|8c50ea2cb8e962a573aca7c9c8bc0fc53e01069bc8eef63af6bc6aa8ace2002f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-024-avoid-redundant-usestate/app/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29831, "scanner": "repobility-ai-code-hygiene", "fingerprint": "60d7c11f7d7c836f9a937344058015ea7da714b5113945e3119366d2263eae30", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "evals/evals/agent-022-prefer-server-actions/app/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|60d7c11f7d7c836f9a937344058015ea7da714b5113945e3119366d2263eae30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-023-avoid-getserversideprops/app/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29830, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ecd18bbcd0a02983e2242bb7e3baf3bacee1debc9468f57734a3992355b8ba75", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-custom-transforms/src/lib.rs", "duplicate_line": 1, "correlation_key": 
"fp|ecd18bbcd0a02983e2242bb7e3baf3bacee1debc9468f57734a3992355b8ba75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-napi-bindings/src/util.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29829, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0303549b91c66f190215add5708e7f66b19fdabe3b7ab4809b3b0b49ec23affe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-custom-transforms/src/lib.rs", "duplicate_line": 1, "correlation_key": "fp|0303549b91c66f190215add5708e7f66b19fdabe3b7ab4809b3b0b49ec23affe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-napi-bindings/src/transform.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29828, "scanner": "repobility-ai-code-hygiene", "fingerprint": "566a93619298ae12872353e3531fb2d3f09458f121f89b50a3a4825a201338c5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-napi-bindings/src/parse.rs", "duplicate_line": 33, "correlation_key": "fp|566a93619298ae12872353e3531fb2d3f09458f121f89b50a3a4825a201338c5"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "crates/next-napi-bindings/src/rspack.rs"}, "region": {"startLine": 116}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29827, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a14832b8088e45ba30eacaaf1f3e7fee96d88ae6b8a1bd26f9d2d1f24f0c1c29", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-custom-transforms/src/lib.rs", "duplicate_line": 1, "correlation_key": "fp|a14832b8088e45ba30eacaaf1f3e7fee96d88ae6b8a1bd26f9d2d1f24f0c1c29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-napi-bindings/src/minify.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29826, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ae2f837723fd95586bb3bd234bd38432b4fe72ca365379b5093f2049642f61ad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-custom-transforms/src/lib.rs", "duplicate_line": 1, "correlation_key": "fp|ae2f837723fd95586bb3bd234bd38432b4fe72ca365379b5093f2049642f61ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-napi-bindings/src/lib.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": 
{"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29825, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ff14b67cd0a68ba29e78191ac0a879824cf2617ff78378b04d0c1c4f6eaded7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-custom-transforms/src/transforms/next_ssg.rs", "duplicate_line": 128, "correlation_key": "fp|9ff14b67cd0a68ba29e78191ac0a879824cf2617ff78378b04d0c1c4f6eaded7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-custom-transforms/src/transforms/strip_page_exports.rs"}, "region": {"startLine": 352}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 29823, "scanner": "repobility-ai-code-hygiene", "fingerprint": "593501895d00d7e2341bc42971ff5b0a8f25972e9563ba135fb32d7da4589432", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|593501895d00d7e2341bc42971ff5b0a8f25972e9563ba135fb32d7da4589432"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "turbopack/crates/turbo-tasks-backend/src/backend/operation/leaf_distance_update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 29822, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "77391af233e8a8279fe91bd128a772feaaa8181a0f6fe74eb7028c41b82673a8", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|77391af233e8a8279fe91bd128a772feaaa8181a0f6fe74eb7028c41b82673a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "turbopack/crates/turbo-tasks-backend/src/backend/operation/aggregation_update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 29820, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1c7dfeea425df40e36afa653ccff1be4a68af0159ed74a59a655d5029f8ef0d2", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fixed", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|1c7dfeea425df40e36afa653ccff1be4a68af0159ed74a59a655d5029f8ef0d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/e2e/next-image-legacy/default/pages/layout-fixed.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 29819, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2ed18fe8d0c8aa365e1945226a45aed1fd89d9a7808d6e62b6997da301cb5e0f", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", 
"isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fixed", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2ed18fe8d0c8aa365e1945226a45aed1fd89d9a7808d6e62b6997da301cb5e0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/e2e/next-image-legacy/base-path/pages/layout-fixed.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 29818, "scanner": "repobility-ai-code-hygiene", "fingerprint": "733185e057fba51f13403fb5c1a3d57ea0eac259b4ea1a03a7aa839b91276063", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|733185e057fba51f13403fb5c1a3d57ea0eac259b4ea1a03a7aa839b91276063"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/next/src/lib/recursive-copy.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 29467, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": 
"fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 29466, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Express", "Next.js"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29460, "scanner": "repobility-ai-code-hygiene", "fingerprint": "96d27fb2e86856ece45f5f4bab1ec01c78691e458fa44298bc078e33ec5c40d8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/next_shared/transforms/modularize_imports.rs", "duplicate_line": 56, "correlation_key": "fp|96d27fb2e86856ece45f5f4bab1ec01c78691e458fa44298bc078e33ec5c40d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_shared/transforms/next_optimize_server_react.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", 
"message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29459, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2bc557b23b1487aff0e9f2ff2fe211b4131c2632f86c2505fc9511f5d4b4f933", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/next_shared/transforms/modularize_imports.rs", "duplicate_line": 56, "correlation_key": "fp|2bc557b23b1487aff0e9f2ff2fe211b4131c2632f86c2505fc9511f5d4b4f933"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_shared/transforms/next_middleware_dynamic_assert.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29458, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0732e507d28af28949bacf6659b5279e4a340e5f79ea1fa1cf44930fec9425fe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/next_shared/transforms/modularize_imports.rs", "duplicate_line": 56, "correlation_key": "fp|0732e507d28af28949bacf6659b5279e4a340e5f79ea1fa1cf44930fec9425fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_shared/transforms/next_edge_node_api_assert.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", 
"message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29457, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e8b0135432b446110c4a5a8dfe44ad396854e2f6c533c8e2543a2ef968308a6e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/next_dynamic/dynamic_module.rs", "duplicate_line": 72, "correlation_key": "fp|e8b0135432b446110c4a5a8dfe44ad396854e2f6c533c8e2543a2ef968308a6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_server_utility/server_utility_module.rs"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29456, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e63a96e6f223a4f999d3233b17f1d3f26c2e3dd64fe2b2422f147b4aba651bca", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/next_dynamic/dynamic_module.rs", "duplicate_line": 5, "correlation_key": "fp|e63a96e6f223a4f999d3233b17f1d3f26c2e3dd64fe2b2422f147b4aba651bca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_server_component/server_component_module.rs"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block 
across source files"}, "properties": {"repobilityId": 29455, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fcb2109432a3cf74c6369533fa8cdc9ed50afa3273efaaf04a446332fc07b27c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/next_app/app_page_entry.rs", "duplicate_line": 125, "correlation_key": "fp|fcb2109432a3cf74c6369533fa8cdc9ed50afa3273efaaf04a446332fc07b27c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_pages/page_entry.rs"}, "region": {"startLine": 92}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29454, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ae493e4cd7f78393e09c98cd125498d0d56f006fed59798610073d3c7e93897", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/next_font/google/mod.rs", "duplicate_line": 93, "correlation_key": "fp|1ae493e4cd7f78393e09c98cd125498d0d56f006fed59798610073d3c7e93897"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_font/local/mod.rs"}, "region": {"startLine": 112}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29453, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "6c72f85cf8d2804ef1c92ef2a17231ac72313297afab617086aa5c63f1631ad0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/next_client/context.rs", "duplicate_line": 177, "correlation_key": "fp|6c72f85cf8d2804ef1c92ef2a17231ac72313297afab617086aa5c63f1631ad0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_edge/context.rs"}, "region": {"startLine": 133}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29452, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8930d364db954dbe92918562929c7eaa79230d362c9c538ae33d9efd4913d01c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/middleware.rs", "duplicate_line": 76, "correlation_key": "fp|8930d364db954dbe92918562929c7eaa79230d362c9c538ae33d9efd4913d01c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_app/app_route_entry.rs"}, "region": {"startLine": 147}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29451, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9fd47457d4cc9dc02d7396fcca3bb517cdf6a24f279f68cc6936d3a3128826a5", "category": "quality", "severity": 
"low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/next_app/app_page_entry.rs", "duplicate_line": 135, "correlation_key": "fp|9fd47457d4cc9dc02d7396fcca3bb517cdf6a24f279f68cc6936d3a3128826a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_app/app_route_entry.rs"}, "region": {"startLine": 129}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29450, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c58acd2e0c011d36fc53943b94e1cbace2e7c2647b90c6c1371a9596ddf70948", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-core/src/middleware.rs", "duplicate_line": 76, "correlation_key": "fp|c58acd2e0c011d36fc53943b94e1cbace2e7c2647b90c6c1371a9596ddf70948"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_app/app_page_entry.rs"}, "region": {"startLine": 153}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29449, "scanner": "repobility-ai-code-hygiene", "fingerprint": "45ff1a8438b085f4c7fd7baf27408cf586ff378b598d548ac66d68048032e394", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A 
normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/next-api/src/instrumentation.rs", "duplicate_line": 16, "correlation_key": "fp|45ff1a8438b085f4c7fd7baf27408cf586ff378b598d548ac66d68048032e394"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/middleware.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED065", "level": "none", "message": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"repobilityId": 30665, "scanner": "repobility-threat-engine", "fingerprint": "27e7f7aaf3ba0638e1ad021dc19bcc0c31c6456023905f2bb84f3a158f481ce3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cors-wildcard", "owasp": "A05:2021", "cwe_ids": ["CWE-942", "CWE-346"], "languages": ["python", "javascript", "typescript", "yaml", "json"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348052+00:00", "triaged_in_corpus": 12, "observations_count": 63910, "ai_coder_pattern_id": 46}, "scanner": "repobility-threat-engine", "correlation_key": "fp|27e7f7aaf3ba0638e1ad021dc19bcc0c31c6456023905f2bb84f3a158f481ce3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-mux-video/app/(upload)/page.tsx"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 30663, "scanner": "repobility-threat-engine", 
"fingerprint": "e819256057b1b742de1a8620aa5f971acee231e04d6ff9861dc1c6ea54aa17f1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e819256057b1b742de1a8620aa5f971acee231e04d6ff9861dc1c6ea54aa17f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-passport-and-next-connect/pages/index.js"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 30662, "scanner": "repobility-threat-engine", "fingerprint": "04f01a5a87bdc7302194eefbf803c475fd577bde05629549d4877fbc43f0284a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|04f01a5a87bdc7302194eefbf803c475fd577bde05629549d4877fbc43f0284a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/image-component/app/shimmer/page.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// 
(not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 30661, "scanner": "repobility-threat-engine", "fingerprint": "fc543fd33a2446407181cd87f81e6b143a186d47e1c4fceef9c3eb2b2179c68e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fc543fd33a2446407181cd87f81e6b143a186d47e1c4fceef9c3eb2b2179c68e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cms-wordpress/src/components/Globals/Navigation/Navigation.tsx"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED078", "level": "none", "message": {"text": "[MINED078] Eslint Disable File: /* eslint-disable */ at top disables all lint rules for the file."}, "properties": {"repobilityId": 30660, "scanner": "repobility-threat-engine", "fingerprint": "05940851837138fb7e0b4421b4a556b96414ea903c60033648145d8530800be1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "eslint-disable-file", "owasp": null, "cwe_ids": [], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348118+00:00", "triaged_in_corpus": 12, "observations_count": 7287, "ai_coder_pattern_id": 101}, "scanner": "repobility-threat-engine", "correlation_key": "fp|05940851837138fb7e0b4421b4a556b96414ea903c60033648145d8530800be1"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "examples/cms-sitecore-xmcloud/scripts/templates/component-factory.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED078", "level": "none", "message": {"text": "[MINED078] Eslint Disable File: /* eslint-disable */ at top disables all lint rules for the file."}, "properties": {"repobilityId": 30659, "scanner": "repobility-threat-engine", "fingerprint": "87f3e15ac60536f625858536cd61111a5c58b2ea4b4ef70fae974641e5f3d125", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "eslint-disable-file", "owasp": null, "cwe_ids": [], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348118+00:00", "triaged_in_corpus": 12, "observations_count": 7287, "ai_coder_pattern_id": 101}, "scanner": "repobility-threat-engine", "correlation_key": "fp|87f3e15ac60536f625858536cd61111a5c58b2ea4b4ef70fae974641e5f3d125"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cms-sitecore-xmcloud/scripts/generate-config.ts"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED074", "level": "none", "message": {"text": "[MINED074] Ai Tell Fake Citation (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 30658, "scanner": "repobility-threat-engine", "fingerprint": "b51ba7e1d34cfce20d785b52759bd571eddbf47c8fa0264fe3516f09ec38c889", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "MINED074", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b51ba7e1d34cfce20d785b52759bd571eddbf47c8fa0264fe3516f09ec38c889"}}}, {"ruleId": "MINED074", "level": "none", "message": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI hallucination."}, "properties": {"repobilityId": 30657, "scanner": "repobility-threat-engine", "fingerprint": "ba368ff987b0c2a5b7e46156e6438d41c7d6df5f6fd58a2e9152a3eafe04ac26", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ai-tell-fake-citation", "owasp": null, "cwe_ids": [], "languages": ["python", "javascript", "typescript", "markdown"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348074+00:00", "triaged_in_corpus": 10, "observations_count": 12281, "ai_coder_pattern_id": 176}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ba368ff987b0c2a5b7e46156e6438d41c7d6df5f6fd58a2e9152a3eafe04ac26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-041-optimize-ppr-shell/app/page.tsx"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED074", "level": "none", "message": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). 
Common AI hallucination."}, "properties": {"repobilityId": 30656, "scanner": "repobility-threat-engine", "fingerprint": "70edff335fa09e53462e006f965f717d3d62a3c511acb89cbb5e96f6288cc2b8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ai-tell-fake-citation", "owasp": null, "cwe_ids": [], "languages": ["python", "javascript", "typescript", "markdown"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348074+00:00", "triaged_in_corpus": 10, "observations_count": 12281, "ai_coder_pattern_id": 176}, "scanner": "repobility-threat-engine", "correlation_key": "fp|70edff335fa09e53462e006f965f717d3d62a3c511acb89cbb5e96f6288cc2b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-026-no-serial-await/app/page.tsx"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED074", "level": "none", "message": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). 
Common AI hallucination."}, "properties": {"repobilityId": 30655, "scanner": "repobility-threat-engine", "fingerprint": "8049a8f158d7b1a2e1e7d5159ac9c293eb5c89e0afc777bd3d76c8173f9b6d5e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ai-tell-fake-citation", "owasp": null, "cwe_ids": [], "languages": ["python", "javascript", "typescript", "markdown"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348074+00:00", "triaged_in_corpus": 10, "observations_count": 12281, "ai_coder_pattern_id": 176}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8049a8f158d7b1a2e1e7d5159ac9c293eb5c89e0afc777bd3d76c8173f9b6d5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evals/evals/agent-023-avoid-getserversideprops/app/page.tsx"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 30654, "scanner": "repobility-threat-engine", "fingerprint": "72cc240435b22269c8ac7593449c25e421ab7b657b772a1cb55f54d840df964b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|72cc240435b22269c8ac7593449c25e421ab7b657b772a1cb55f54d840df964b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-napi-bindings/src/turbopack.rs"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 30653, "scanner": "repobility-threat-engine", "fingerprint": "dc7447f01a7ed30eee800cef8058adb77960f388d5a17f0c82cdee05cfae0df6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc7447f01a7ed30eee800cef8058adb77960f388d5a17f0c82cdee05cfae0df6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-napi-bindings/src/next_api/utils.rs"}, "region": {"startLine": 390}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 30649, "scanner": "repobility-threat-engine", "fingerprint": "7ff97e56523ca4e01bfe2618edf2509d06fd1bcb3d4d9809d53177da41e9fe8c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "MINED059", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7ff97e56523ca4e01bfe2618edf2509d06fd1bcb3d4d9809d53177da41e9fe8c"}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 30648, "scanner": "repobility-threat-engine", "fingerprint": "d7739f7faf0173943eedad495bc5472a471603a32b6282b334276fdafd35b12b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "MINED066", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d7739f7faf0173943eedad495bc5472a471603a32b6282b334276fdafd35b12b"}}}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 51 more): Same pattern found in 51 additional files. Review if needed."}, "properties": {"repobilityId": 30647, "scanner": "repobility-threat-engine", "fingerprint": "19429abf3cc7b506919e4daa0a6f2ea81e35cfed40b88e0d7032eef8bcdc77fe", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 51 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 51 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "MINED003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|19429abf3cc7b506919e4daa0a6f2ea81e35cfed40b88e0d7032eef8bcdc77fe"}}}, {"ruleId": "SEC134", "level": "none", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 30646, "scanner": "repobility-threat-engine", "fingerprint": "a2e9233412f7423aa7d6083ecc64070a79b45e16876aa3e71da29a02c0781516", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a2e9233412f7423aa7d6083ecc64070a79b45e16876aa3e71da29a02c0781516"}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 27 more): Same pattern found in 27 additional files. Review if needed."}, "properties": {"repobilityId": 30644, "scanner": "repobility-threat-engine", "fingerprint": "3ae5d79a83f52065ae4c549f1f588519ed9dc14462ee3edd39f6b988e8a724fd", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 27 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 27 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "MINED056", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|3ae5d79a83f52065ae4c549f1f588519ed9dc14462ee3edd39f6b988e8a724fd"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 30643, "scanner": "repobility-threat-engine", "fingerprint": "75dbf0d080f3bb1f6dec57f255950c0ab37833c182215577fdc4bf8b0f1bde6e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "MINED045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|75dbf0d080f3bb1f6dec57f255950c0ab37833c182215577fdc4bf8b0f1bde6e"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 30642, "scanner": "repobility-threat-engine", "fingerprint": "405ffbc031430fd7c55fa675f21ce0c161bbbdc46226751b715657aba754dd6c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|405ffbc031430fd7c55fa675f21ce0c161bbbdc46226751b715657aba754dd6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/render-pipeline/benchmark.ts"}, "region": {"startLine": 495}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 30641, "scanner": "repobility-threat-engine", "fingerprint": "872df3f36ad6e8d3dc5b1d953cae28b09553399a6fd01e00e4287fc710e39e85", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "MINED054", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|872df3f36ad6e8d3dc5b1d953cae28b09553399a6fd01e00e4287fc710e39e85"}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 30640, "scanner": "repobility-threat-engine", "fingerprint": "15570eceb42bcb8cf7f6e66c8e486895363e84f393f7b5f2a7aea8d98701fda9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|15570eceb42bcb8cf7f6e66c8e486895363e84f393f7b5f2a7aea8d98701fda9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cms-sanity/sanity/schemas/documents/author.ts"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 30639, "scanner": "repobility-threat-engine", "fingerprint": "4b03854ea26e88b69226aedb681eb1ae65d94cde655a031341fe9f6d9d420699", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at":
"2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4b03854ea26e88b69226aedb681eb1ae65d94cde655a031341fe9f6d9d420699"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cms-payload/payload/payloadClient.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html (and 38 more): Same pattern found in 38 additional files. Review if needed."}, "properties": {"repobilityId": 30638, "scanner": "repobility-threat-engine", "fingerprint": "81d901ddba5fc5b8211a5cdbac142f2a0a18d13a2f69d4f6d04b92a55aab396a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 38 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 38 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "MINED058", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|81d901ddba5fc5b8211a5cdbac142f2a0a18d13a2f69d4f6d04b92a55aab396a"}}}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping.
Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 30637, "scanner": "repobility-threat-engine", "fingerprint": "2b7f7b81bcb4620fd57ce26adc564b95771aff0985c8043618ca9b8a80589c71", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b7f7b81bcb4620fd57ce26adc564b95771aff0985c8043618ca9b8a80589c71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/blog-starter/src/app/_components/theme-switcher.tsx"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping.
Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 30636, "scanner": "repobility-threat-engine", "fingerprint": "242dd5d196f9ef7745a383f4a5b8a8d0b6e762e78b6ed7246bbefcb03774cb63", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|242dd5d196f9ef7745a383f4a5b8a8d0b6e762e78b6ed7246bbefcb03774cb63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/blog-starter/src/app/_components/post-body.tsx"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 30635, "scanner": "repobility-threat-engine", "fingerprint": "b25ca6c2b6e8056e9e2c805b4ff75b5230249c907e2c0475c7bb8fc214cf24b0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b25ca6c2b6e8056e9e2c805b4ff75b5230249c907e2c0475c7bb8fc214cf24b0"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 30632, "scanner": "repobility-threat-engine", "fingerprint": "7a4b0f5540cad034a1707c0e9f6ef94d621d463e55602684599877ea4071a670", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7a4b0f5540cad034a1707c0e9f6ef94d621d463e55602684599877ea4071a670"}}}, {"ruleId": "SEC084", "level": "none", "message": {"text": "[SEC084] JS: require() with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 30630, "scanner": "repobility-threat-engine", "fingerprint": "42fc4030f57c04d8ace60c0c7e321d52477b44af5460a2f3247591bde9511d4d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|42fc4030f57c04d8ace60c0c7e321d52477b44af5460a2f3247591bde9511d4d"}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 30629, "scanner": "repobility-threat-engine", "fingerprint": "8d7bdca78f80c0f060bd50182467154a823fa567f11e9cf8d2ff8643d3c7e939", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d7bdca78f80c0f060bd50182467154a823fa567f11e9cf8d2ff8643d3c7e939"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-firebase-cloud-messaging/utils/webPush.js"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 82 more): Same pattern found in 82 additional files. Review if needed."}, "properties": {"repobilityId": 30628, "scanner": "repobility-threat-engine", "fingerprint": "02979e05a4823b6527e9aa6f277412d32a67cf0009a82aff296b27bd1e5aa536", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 82 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 82 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "MINED044", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|02979e05a4823b6527e9aa6f277412d32a67cf0009a82aff296b27bd1e5aa536"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 20 more): Same pattern found in 20 additional files. Review if needed."}, "properties": {"repobilityId": 30627, "scanner": "repobility-threat-engine", "fingerprint": "f1be79252ef2837ef222322bdedfa7d27c9d106dd308733da5319d0e3c86a1ea", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 20 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 20 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "MINED052", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f1be79252ef2837ef222322bdedfa7d27c9d106dd308733da5319d0e3c86a1ea"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 30626, "scanner": "repobility-threat-engine", "fingerprint": "6924186c0f114669df74d6aa83913ae4a9fadb249caabd00e31d9fc1f666273f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6924186c0f114669df74d6aa83913ae4a9fadb249caabd00e31d9fc1f666273f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/api-routes-cors/pages/api/cors.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 30558, "scanner": "repobility-threat-engine", "fingerprint": "f1826c133b5493141a290a584e8fd47719bcd461e9b41113ee80e602259a2c78", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f1826c133b5493141a290a584e8fd47719bcd461e9b41113ee80e602259a2c78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/hmr_entry.rs"}, "region": {"startLine": 
105}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 30555, "scanner": "repobility-threat-engine", "fingerprint": "ef988886061fab5708b4eaaa91ba8f704bf1fe228b617ab57dd873fc35d838e9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "MINED059", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ef988886061fab5708b4eaaa91ba8f704bf1fe228b617ab57dd873fc35d838e9"}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 30554, "scanner": "repobility-threat-engine", "fingerprint": "02ca1ef02c51f18978f3fecf61bfbb35cd5f7166e243baaa25651d3b97c8dd48", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|02ca1ef02c51f18978f3fecf61bfbb35cd5f7166e243baaa25651d3b97c8dd48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_shared/webpack_rules/babel.rs"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 30553, "scanner": "repobility-threat-engine", "fingerprint": "c76eea7fbc24bedac996be9f56deb78e752096b0164b4059dff0fe7b8480fbe1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c76eea7fbc24bedac996be9f56deb78e752096b0164b4059dff0fe7b8480fbe1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_shared/transforms/swc_ecma_transform_plugins.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 30552, "scanner": "repobility-threat-engine", "fingerprint": "701fcbacfdeb31a7a6d85b4cd8ef600c2e8bd5ff436ca32e928d1a339006d788", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|701fcbacfdeb31a7a6d85b4cd8ef600c2e8bd5ff436ca32e928d1a339006d788"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-code-frame/src/highlight.rs"}, "region": {"startLine": 651}}}]}, {"ruleId": "MINED011", "level": "none", "message": {"text": "[MINED011] Scala Get On Option (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 30551, "scanner": "repobility-threat-engine", "fingerprint": "869ca20138d64e2898fd3281dc8506c478ca512bea19d184255ad7ce15a4f21c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "MINED011", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|869ca20138d64e2898fd3281dc8506c478ca512bea19d184255ad7ce15a4f21c"}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 30547, "scanner": "repobility-threat-engine", "fingerprint": "a59f3c1ed33ea48ff4ac553d52fe8f9e15dafb6ade0a73c8d2cab70e874e743c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "MINED066", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a59f3c1ed33ea48ff4ac553d52fe8f9e15dafb6ade0a73c8d2cab70e874e743c"}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 30546, "scanner": "repobility-threat-engine", "fingerprint": "ec28ce3df65c0c3e60b0c0399c4bfa53c2635c2933dedc352a2ffd1bcd2a4688", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec28ce3df65c0c3e60b0c0399c4bfa53c2635c2933dedc352a2ffd1bcd2a4688"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_font/google/mod.rs"}, "region": {"startLine": 814}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 30545, "scanner": "repobility-threat-engine", "fingerprint": "4d9cba90270e0577230c698f6daf02555be2d9e679479c4f7325a8eba6157f61", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4d9cba90270e0577230c698f6daf02555be2d9e679479c4f7325a8eba6157f61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-build-test/src/main.rs"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 30544, "scanner": "repobility-threat-engine", "fingerprint": "709ed57b6f3a142b7033a091980d3b69ac5d419093b37d74abac7eeb9baada01", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|709ed57b6f3a142b7033a091980d3b69ac5d419093b37d74abac7eeb9baada01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/analyze.rs"}, "region": {"startLine": 287}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive (and 77 more): Same pattern found in 77 additional files. Review if needed."}, "properties": {"repobilityId": 30543, "scanner": "repobility-threat-engine", "fingerprint": "475c01472fc2a8d919133026dfc90e9de8482674c9af9b47f48cf6797e04b7b6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 77 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 77 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "MINED051", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|475c01472fc2a8d919133026dfc90e9de8482674c9af9b47f48cf6797e04b7b6"}}}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! 
tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 30542, "scanner": "repobility-threat-engine", "fingerprint": "96ed910df1a08a76abea85a6eab4abc2a670eee20e38fb5abc8758d5f1e2811c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|96ed910df1a08a76abea85a6eab4abc2a670eee20e38fb5abc8758d5f1e2811c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/empty.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. 
NRE risk if wrong."}, "properties": {"repobilityId": 30541, "scanner": "repobility-threat-engine", "fingerprint": "f31e4eab3bf6b2178b3afdb038a07066ca11576211fe8d658220807a5eb16339", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f31e4eab3bf6b2178b3afdb038a07066ca11576211fe8d658220807a5eb16339"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/app.rs"}, "region": {"startLine": 385}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. 
NRE risk if wrong."}, "properties": {"repobilityId": 30540, "scanner": "repobility-threat-engine", "fingerprint": "035c59ad6cb130b6576134e9bcd54e54894422689f7defa241e1945a3f7d76fe", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|035c59ad6cb130b6576134e9bcd54e54894422689f7defa241e1945a3f7d76fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/analyze.rs"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 33 more): Same pattern found in 33 additional files. Review if needed."}, "properties": {"repobilityId": 30539, "scanner": "repobility-threat-engine", "fingerprint": "d0092c27ccbc2d7ff0f03c61c8744b714aa90e563c3aa179a71fd5c2c40db424", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 33 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 33 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "MINED003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d0092c27ccbc2d7ff0f03c61c8744b714aa90e563c3aa179a71fd5c2c40db424"}}}, {"ruleId": "MINED002", "level": "none", "message": {"text": "[MINED002] Dart Null Bang (and 120 more): Same pattern found in 120 additional files. 
Review if needed."}, "properties": {"repobilityId": 30535, "scanner": "repobility-threat-engine", "fingerprint": "7d492e2bcf66987c80ffdee9667895ce604f9eb6f02b79704109a82a7144ce6e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 120 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 120 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "MINED002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7d492e2bcf66987c80ffdee9667895ce604f9eb6f02b79704109a82a7144ce6e"}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 30529, "scanner": "repobility-threat-engine", "fingerprint": "6ad8493411ab8488428071a0defc4f75a0e71a3f6d936fc01d5f506743bcc03b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ad8493411ab8488428071a0defc4f75a0e71a3f6d936fc01d5f506743bcc03b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/rendering/pages/stateless-big.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 
re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 30528, "scanner": "repobility-threat-engine", "fingerprint": "80266f058088dded49b08868440d295b20ff20948a454ae38365d186f9eeb5c5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|80266f058088dded49b08868440d295b20ff20948a454ae38365d186f9eeb5c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/basic-app/app/streaming/bulk/page.js"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 30527, "scanner": "repobility-threat-engine", "fingerprint": "46087f0cea6b141df9fa565ca55d3d58095073cff385ce13b19136ad94898f8d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|46087f0cea6b141df9fa565ca55d3d58095073cff385ce13b19136ad94898f8d"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "apps/bundle-analyzer/components/import-chain.tsx"}, "region": {"startLine": 441}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 30526, "scanner": "repobility-threat-engine", "fingerprint": "84ab84a61387784c5210056bf43ac9116ee16f3cc0cc98d28f2efd40bfcfa2b6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|84ab84a61387784c5210056bf43ac9116ee16f3cc0cc98d28f2efd40bfcfa2b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/bundle-analyzer/components/error-state.tsx"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. 
Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 30525, "scanner": "repobility-threat-engine", "fingerprint": "169e72b5c6af66e36d809b6025e49140dfeb23cdb88b4a37cfef543635a7e3ce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|169e72b5c6af66e36d809b6025e49140dfeb23cdb88b4a37cfef543635a7e3ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/bundle-analyzer/app/layout.tsx"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 126 more): Same pattern found in 126 additional files. Review if needed."}, "properties": {"repobilityId": 30522, "scanner": "repobility-threat-engine", "fingerprint": "53fff5a35a36e3f540c670c4ab619c0dec53761557af6aa2dab3135e6c106b1e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 126 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 126 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "MINED045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|53fff5a35a36e3f540c670c4ab619c0dec53761557af6aa2dab3135e6c106b1e"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 30521, "scanner": "repobility-threat-engine", "fingerprint": "32269ca82d2a46c3f594194cb3818db75d119ee7d25312378760d3ea183e2175", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|32269ca82d2a46c3f594194cb3818db75d119ee7d25312378760d3ea183e2175"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/render-pipeline/analyze-profiles.ts"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 30520, "scanner": "repobility-threat-engine", "fingerprint": "b576a3502b7c9c3343bb767ae06dce033d5e429d5fa1f004a13eae8245ef9d84", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b576a3502b7c9c3343bb767ae06dce033d5e429d5fa1f004a13eae8245ef9d84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/bundle-analyzer/components/file-search.tsx"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 30519, "scanner": "repobility-threat-engine", "fingerprint": "b764481a05fd4c2925666fd04afb9de6529069627be74700e304fc1bb1ca072f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b764481a05fd4c2925666fd04afb9de6529069627be74700e304fc1bb1ca072f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/run/collect-diffs.js"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED010", "level": "none", "message": {"text": "[MINED010] Ruby System Call (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 30518, "scanner": "repobility-threat-engine", "fingerprint": "2757c497cfc1305a451a22734e3b0e43f3606391850d3a68e78bda0f725177a7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "MINED010", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2757c497cfc1305a451a22734e3b0e43f3606391850d3a68e78bda0f725177a7"}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 30514, "scanner": "repobility-threat-engine", "fingerprint": "4875a559f3a7ef8f65af97e36bd4ed456f1302da8e5af61210005e2735499d3a", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4875a559f3a7ef8f65af97e36bd4ed456f1302da8e5af61210005e2735499d3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-integration-stat/src/index.ts"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 30513, "scanner": "repobility-threat-engine", "fingerprint": "21a9aecd40010655607d60c1bf41c71dfd9e49ea8e020239407b23559531b735", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 23 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "MINED044", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|21a9aecd40010655607d60c1bf41c71dfd9e49ea8e020239407b23559531b735"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 30512, "scanner": "repobility-threat-engine", "fingerprint": "13d61d12695d625b63115106c5f297f73bca70f61038e4f42b05d6f8cad4eb8f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|13d61d12695d625b63115106c5f297f73bca70f61038e4f42b05d6f8cad4eb8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/aggregate-results.js"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 30511, "scanner": "repobility-threat-engine", "fingerprint": "dc4281425fbb4b00acc94fa34c4a75b53ddc70a476aa4f32ec4e5e4050cd4c25", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc4281425fbb4b00acc94fa34c4a75b53ddc70a476aa4f32ec4e5e4050cd4c25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/add-comment.js"}, "region": {"startLine": 1159}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 30510, "scanner": "repobility-threat-engine", "fingerprint": "697b56d4d31997952b13cd47413afc16e2c7fd9307d6a10ad3c3983d9d906c7a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|697b56d4d31997952b13cd47413afc16e2c7fd9307d6a10ad3c3983d9d906c7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-integration-stat/src/index.ts"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 30509, "scanner": "repobility-threat-engine", "fingerprint": "b50be79238e834594086cb7b8684b0958386c00c99ebc021bd91efbdffcab2aa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b50be79238e834594086cb7b8684b0958386c00c99ebc021bd91efbdffcab2aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/validate-docs-links/src/index.ts"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 30508, "scanner": "repobility-threat-engine", "fingerprint": "fb537eddba571262c6093ba12186b6d974364e7416e2a135a7ef4c1f4230bb81", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb537eddba571262c6093ba12186b6d974364e7416e2a135a7ef4c1f4230bb81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/needs-triage/src/index.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 30 more): Same pattern found in 30 additional files. Review if needed."}, "properties": {"repobilityId": 30507, "scanner": "repobility-threat-engine", "fingerprint": "877877d11207088a3b972e14e2c8ed71d0e543f9046391251cd7129e5b47e8f1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 30 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 30 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "MINED042", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|877877d11207088a3b972e14e2c8ed71d0e543f9046391251cd7129e5b47e8f1"}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 30506, "scanner": "repobility-threat-engine", "fingerprint": "86befb2a50a8a598f99cb2b12c8ce74964ad1d30e32ff5a0c701f6c704054225", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|86befb2a50a8a598f99cb2b12c8ce74964ad1d30e32ff5a0c701f6c704054225"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-repo-actions/src/popular-prs.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 30505, "scanner": "repobility-threat-engine", "fingerprint": "2e7c235e78dcaf25104e7f5d39f1497ffd80d5fe0974e26ea0ce37cafbe3c901", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", 
"triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2e7c235e78dcaf25104e7f5d39f1497ffd80d5fe0974e26ea0ce37cafbe3c901"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-integration-stat/src/index.ts"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 30504, "scanner": "repobility-threat-engine", "fingerprint": "55d37da48f66ae66849c7d8970bb79fc395db887f9c9ea4675f5a3e8519d2b09", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|55d37da48f66ae66849c7d8970bb79fc395db887f9c9ea4675f5a3e8519d2b09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/needs-triage/src/index.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 29913, "scanner": "repobility-threat-engine", "fingerprint": "f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29"}}}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 29863, "scanner": "repobility-docker", "fingerprint": "a63421b4690a00480e3de3df1be0c2cab52c7e05aa3c7178d55a1630fb4aec91", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "node:${NODE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|a63421b4690a00480e3de3df1be0c2cab52c7e05aa3c7178d55a1630fb4aec91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/Dockerfile.serve"}, "region": {"startLine": 71}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 29861, "scanner": "repobility-docker", "fingerprint": "07a1c7e6871659f7eeb1142b2a4eac10afd9aa0723207f4e1e5ecb81dcc7a6b6", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "node:${NODE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|07a1c7e6871659f7eeb1142b2a4eac10afd9aa0723207f4e1e5ecb81dcc7a6b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/Dockerfile.serve"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 29860, "scanner": "repobility-docker", "fingerprint": "de9b68117e69ee37b5b296ace11f2d2d7ed88d32c05a8080eb5b6207da03475b", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "node:${NODE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|de9b68117e69ee37b5b296ace11f2d2d7ed88d32c05a8080eb5b6207da03475b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/Dockerfile.serve"}, "region": {"startLine": 10}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 29859, "scanner": "repobility-docker", "fingerprint": "af2fa28aceb20d020ffc89cf997ef9107c9dd96a473419bc9f9e4a1b6f6cb30a", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "nginxinc/nginx-unprivileged:${NGINXINC_IMAGE_TAG}", "rule_id": "DKR002", "scanner": "repobility-docker", 
"references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|af2fa28aceb20d020ffc89cf997ef9107c9dd96a473419bc9f9e4a1b6f6cb30a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/Dockerfile"}, "region": {"startLine": 72}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 29857, "scanner": "repobility-docker", "fingerprint": "b018fd2e66af5cf66615ef4ef0339995860f47f356cf3b8b013a678cbc15c486", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "node:${NODE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|b018fd2e66af5cf66615ef4ef0339995860f47f356cf3b8b013a678cbc15c486"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/Dockerfile"}, "region": {"startLine": 38}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 29856, "scanner": "repobility-docker", "fingerprint": "de2f280548acb741849db519d9f3c559404bf61ca56dd64693b12e88f37a4fff", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "node:${NODE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|de2f280548acb741849db519d9f3c559404bf61ca56dd64693b12e88f37a4fff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 29854, "scanner": "repobility-docker", "fingerprint": "092524d9cdf4737241e5722a46cf8801a5b62a0e0a90b132f6273338d49231ed", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "node:${NODE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|092524d9cdf4737241e5722a46cf8801a5b62a0e0a90b132f6273338d49231ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker/Dockerfile"}, "region": {"startLine": 74}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 29852, "scanner": "repobility-docker", "fingerprint": "1d9b341258eeabab8075b4e66da9f188e88a4d1c8a92488163227c53c02c175e", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "node:${NODE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|1d9b341258eeabab8075b4e66da9f188e88a4d1c8a92488163227c53c02c175e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker/Dockerfile"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 29851, "scanner": "repobility-docker", "fingerprint": "c0376eee741ae60a32d456debd635f74eb5c2c766e23aca4966d8d152773cccf", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "node:${NODE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|c0376eee741ae60a32d456debd635f74eb5c2c766e23aca4966d8d152773cccf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker/Dockerfile"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 29814, "scanner": "repobility-threat-engine", "fingerprint": "dde54b1afcc8b10013cfe69a9cf35d9b77351c84b29ff4b22fe341f6c252d0a2", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.error(\"Error regenerating: Invalid Token.\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|1|console.error error regenerating: invalid token."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cms-payload/pages/api/regenerate.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 29813, "scanner": "repobility-threat-engine", "fingerprint": "26dd3c21154c2a6a3267a01ad2cd9878020839920664c42b2eaf26853eae7f18", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|26dd3c21154c2a6a3267a01ad2cd9878020839920664c42b2eaf26853eae7f18"}}}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 29809, "scanner": "repobility-threat-engine", "fingerprint": "e7174d71aa23c14419f9144792a6ba116afcec3004f64b82de4dbf54fc9e1921", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e7174d71aa23c14419f9144792a6ba116afcec3004f64b82de4dbf54fc9e1921"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 36 more): Same pattern found in 36 additional files. Review if needed."}, "properties": {"repobilityId": 29805, "scanner": "repobility-threat-engine", "fingerprint": "de360f850ead589ee5e9ed6a342addc11eb9276bba1c673b6eea6332ec53bc3b", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 36 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 36 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|de360f850ead589ee5e9ed6a342addc11eb9276bba1c673b6eea6332ec53bc3b"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 29803, "scanner": "repobility-threat-engine", "fingerprint": "69b8d1ab6ebdf0e67a4943a9d246df28ccefb397d7d029799319621fefe41b25", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|69b8d1ab6ebdf0e67a4943a9d246df28ccefb397d7d029799319621fefe41b25"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 29446, "scanner": "repobility-threat-engine", "fingerprint": "87a374dc589dd420ec377c72db2b292cf3fbbfe6642b8efe3d05d9fe2427b14e", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 16 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|87a374dc589dd420ec377c72db2b292cf3fbbfe6642b8efe3d05d9fe2427b14e"}}}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 30652, "scanner": "repobility-threat-engine", "fingerprint": "0d67786970faa29c26f35435c0fe1620944533e2fa414da5b882f6bfd6f13846", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0d67786970faa29c26f35435c0fe1620944533e2fa414da5b882f6bfd6f13846"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-error-code-swc-plugin/src/lib.rs"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 30651, "scanner": "repobility-threat-engine", "fingerprint": "f64f7f548c3fff441921de8326d94f5243d4a5be3e77cfaa5633d959b8e3a2cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, 
"observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f64f7f548c3fff441921de8326d94f5243d4a5be3e77cfaa5633d959b8e3a2cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-custom-transforms/src/transforms/server_actions.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 30634, "scanner": "repobility-threat-engine", "fingerprint": "e621b0eb1f962a68b326f4bb9adc75b728b0e5882982dde8807d85eae1019e76", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(message", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e621b0eb1f962a68b326f4bb9adc75b728b0e5882982dde8807d85eae1019e76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/nested-deps-app-router/bench.mjs"}, "region": {"startLine": 193}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 30633, "scanner": "repobility-threat-engine", "fingerprint": "f6be4e96ef1fec99b88cb6a5f7e570a70ac210596806b846103fdc4f03dbcf10", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(message", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f6be4e96ef1fec99b88cb6a5f7e570a70ac210596806b846103fdc4f03dbcf10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/nested-deps-app-router-many-pages/bench.mjs"}, "region": {"startLine": 193}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 30631, "scanner": "repobility-threat-engine", "fingerprint": "1d039ca8c56810b6bfb6b17b4b59669c91c6faa9992890c7881c17188a6a98be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(b\":\");", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1d039ca8c56810b6bfb6b17b4b59669c91c6faa9992890c7881c17188a6a98be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-custom-transforms/src/transforms/server_actions.rs"}, "region": {"startLine": 297}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 30625, "scanner": "repobility-threat-engine", "fingerprint": "88401459ad0fc9d685e22c4131c65b16908a74adb5054352bce8a2a72fcecacd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|88401459ad0fc9d685e22c4131c65b16908a74adb5054352bce8a2a72fcecacd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/rust/install.sh"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled 
segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 30562, "scanner": "repobility-threat-engine", "fingerprint": "7cff038f731d641130fc1dfd6e6326402d92c52eb672731eed82a2356cbc4a61", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(&request", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|86|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_font/util.rs"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. 
`../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 30561, "scanner": "repobility-threat-engine", "fingerprint": "1703d0c0cd8ced85f4d812f045ac89e9371d85fd8436f7414c01a0c477baa308", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(&format!(\n                        \"{}.js\",\n                        get_request", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|163|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_font/local/mod.rs"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 30557, "scanner": "repobility-threat-engine", "fingerprint": "b5aef409c295839e92c2b9d060377c332d3f607058d56f8f50e160ebc21bc213", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b5aef409c295839e92c2b9d060377c332d3f607058d56f8f50e160ebc21bc213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_app/app_client_references_chunks.rs"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED039", "level": "error", "message": 
{"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 30556, "scanner": "repobility-threat-engine", "fingerprint": "83c163cb27ce0865038564411c0669ccd0fffc817cc29ace49b730e2da421f02", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|83c163cb27ce0865038564411c0669ccd0fffc817cc29ace49b730e2da421f02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/hmr_entry.rs"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED011", "level": "error", "message": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. 
Use getOrElse / fold / match."}, "properties": {"repobilityId": 30550, "scanner": "repobility-threat-engine", "fingerprint": "9e3e824d13c634a342c7eee2568dc945bad1c3574e4c14912266257a9f183d4f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e3e824d13c634a342c7eee2568dc945bad1c3574e4c14912266257a9f183d4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-code-frame/src/frame.rs"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED011", "level": "error", "message": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. 
Use getOrElse / fold / match."}, "properties": {"repobilityId": 30549, "scanner": "repobility-threat-engine", "fingerprint": "f5810c0d93997e34156faf243623c815a4840428163ff538e20985720688a4ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f5810c0d93997e34156faf243623c815a4840428163ff538e20985720688a4ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/versioned_content_map.rs"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED011", "level": "error", "message": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. 
Use getOrElse / fold / match."}, "properties": {"repobilityId": 30548, "scanner": "repobility-threat-engine", "fingerprint": "01de37a2a77efee84b4bc943ad7708fa908d19a3397ee02c24db5ae4a21418eb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "correlation_key": "fp|01de37a2a77efee84b4bc943ad7708fa908d19a3397ee02c24db5ae4a21418eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/project.rs"}, "region": {"startLine": 592}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 30538, "scanner": "repobility-threat-engine", "fingerprint": "97057e5003dc5082fa6c8259da1eb4a56ef33b833df1360dc758cc8e38a05a56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|97057e5003dc5082fa6c8259da1eb4a56ef33b833df1360dc758cc8e38a05a56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/asset_hashes_manifest.rs"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 30537, "scanner": "repobility-threat-engine", "fingerprint": "eab4972703b32f8f4cac32180eb30f17cf4283ddb8d1cd759bcc8c1e3fdaf559", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eab4972703b32f8f4cac32180eb30f17cf4283ddb8d1cd759bcc8c1e3fdaf559"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/app.rs"}, "region": {"startLine": 1678}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 30536, "scanner": "repobility-threat-engine", "fingerprint": "daab5ba4c1b86327af0fd0df04add22f34db3b0786b0758ba52b3b8afb8f5082", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|daab5ba4c1b86327af0fd0df04add22f34db3b0786b0758ba52b3b8afb8f5082"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/analyze.rs"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. 
or null check."}, "properties": {"repobilityId": 30534, "scanner": "repobility-threat-engine", "fingerprint": "07aae2e21f7aa01d76d9ce19728690678e9dfdbb5797c02b804f42de4c40fd83", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|07aae2e21f7aa01d76d9ce19728690678e9dfdbb5797c02b804f42de4c40fd83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/asset_hashes_manifest.rs"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. 
or null check."}, "properties": {"repobilityId": 30533, "scanner": "repobility-threat-engine", "fingerprint": "dc9027ad5230583bd366f84d687e673db7a4a1bbc0578c1c7822a95a64f3706d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc9027ad5230583bd366f84d687e673db7a4a1bbc0578c1c7822a95a64f3706d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/app.rs"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. 
or null check."}, "properties": {"repobilityId": 30532, "scanner": "repobility-threat-engine", "fingerprint": "284aabfee89070f1f45b9690dd7c771c37df7ee583ed44d87db828b127b3edd6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|284aabfee89070f1f45b9690dd7c771c37df7ee583ed44d87db828b127b3edd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-api/src/analyze.rs"}, "region": {"startLine": 159}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 30524, "scanner": "repobility-threat-engine", "fingerprint": "f9996634e2f450f443b06ba140eb127b5afcdbbcec552619ec680eef9c6afe3e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "textWidthCache.delete(cacheKey)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f9996634e2f450f443b06ba140eb127b5afcdbbcec552619ec680eef9c6afe3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/bundle-analyzer/components/treemap-visualizer.tsx"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 30523, "scanner": "repobility-threat-engine", "fingerprint": "8582573ba4efbc6c7a1a4d675bd1c4aca8d97f87997f97384d19e93cdbffe290", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "socket.destroy()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8582573ba4efbc6c7a1a4d675bd1c4aca8d97f87997f97384d19e93cdbffe290"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/run/collect-stats.js"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED010", "level": "error", "message": {"text": "[MINED010] Ruby System Call: system / backtick run shell. Command injection if any arg dynamic."}, "properties": {"repobilityId": 30517, "scanner": "repobility-threat-engine", "fingerprint": "657c36ae5eef6ea244ea60293d755fab3e95eb97ac3b9354f488ffd5d8ba18a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "correlation_key": "fp|657c36ae5eef6ea244ea60293d755fab3e95eb97ac3b9354f488ffd5d8ba18a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/run/benchmark-url.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED010", "level": "error", "message": {"text": "[MINED010] Ruby 
System Call: system / backtick run shell. Command injection if any arg dynamic."}, "properties": {"repobilityId": 30516, "scanner": "repobility-threat-engine", "fingerprint": "936fc41d027165f01963f88e083cc27e9beb64e861d152a1930681b34bfe7471", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "correlation_key": "fp|936fc41d027165f01963f88e083cc27e9beb64e861d152a1930681b34bfe7471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/prepare/repo-setup.js"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED010", "level": "error", "message": {"text": "[MINED010] Ruby System Call: system / backtick run shell. 
Command injection if any arg dynamic."}, "properties": {"repobilityId": 30515, "scanner": "repobility-threat-engine", "fingerprint": "1b1e38e311eaa180d83419924853eecfb1fce1ac03090767cebccfbb9f934326", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1b1e38e311eaa180d83419924853eecfb1fce1ac03090767cebccfbb9f934326"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/index.js"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 29917, "scanner": "repobility-threat-engine", "fingerprint": "4d7d474f8d759e2087dd71234db3858a7a2b8bd0b84820972d6497eb72617eab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(command", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4d7d474f8d759e2087dd71234db3858a7a2b8bd0b84820972d6497eb72617eab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/util/exec.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /templates/app-api/js/app/:slug."}, "properties": {"repobilityId": 29893, "scanner": "repobility-access-control", "fingerprint": "93e331fcffeb98245ae864e5bcc787aa080bd023ff21678e2bb3234c9a1eec9c", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/templates/app-api/js/app/:slug", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / slug /route.js|3|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/create-next-app/templates/app-api/js/app/[slug]/route.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /templates/app-api/ts/app/:slug."}, "properties": {"repobilityId": 29892, "scanner": "repobility-access-control", "fingerprint": "b73134d41ad2e098857239361d26fc38fde58c25d112942c251f419c0bbb91af", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/templates/app-api/ts/app/:slug", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / slug /route.ts|3|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/create-next-app/templates/app-api/ts/app/[slug]/route.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 29868, "scanner": "repobility-docker", "fingerprint": "e53d86fcabc4b31e90fe9eb267dc5de4ea411cc8f6a8bd5c116823c98e2ebb6f", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "6379:6379", "target": "6379", "host_ip": "", "published": "6379"}, {"raw": "8001:8001", "target": "8001", "host_ip": "", "published": "8001"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "redis-stack", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|e53d86fcabc4b31e90fe9eb267dc5de4ea411cc8f6a8bd5c116823c98e2ebb6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cache-handler-redis/compose.yaml"}, "region": {"startLine": 1}}}]}, 
{"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 29866, "scanner": "repobility-docker", "fingerprint": "0250489c17f80ef8e89391aec04d21b3ac0045f5b3fe34b5c9197b0516197dd7", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|0250489c17f80ef8e89391aec04d21b3ac0045f5b3fe34b5c9197b0516197dd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/staging/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 29865, "scanner": "repobility-docker", "fingerprint": "f325963947d9d1e2dd2a7e8be476908792a94ddd5eed7193569a660a1bb75d5e", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|f325963947d9d1e2dd2a7e8be476908792a94ddd5eed7193569a660a1bb75d5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/production/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 29864, "scanner": "repobility-docker", "fingerprint": 
"a1fa70ca3c5c9d954794c0a0a1cb4d1eda04ef895d75e5e9bd1040a35cc25689", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a1fa70ca3c5c9d954794c0a0a1cb4d1eda04ef895d75e5e9bd1040a35cc25689"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-multi-env/docker/development/Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 29862, "scanner": "repobility-docker", "fingerprint": "8672258801906d519e3daeeb44fb65cd87f018274a42c34815c4c32eca00ef00", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|8672258801906d519e3daeeb44fb65cd87f018274a42c34815c4c32eca00ef00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/Dockerfile.serve"}, "region": {"startLine": 45}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 29858, "scanner": "repobility-docker", "fingerprint": "c0f1e6384ed3b1914156a3f102ff42572f56eb53ea0a5f217e9b9005535ddddc", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad 
context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c0f1e6384ed3b1914156a3f102ff42572f56eb53ea0a5f217e9b9005535ddddc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker-export-output/Dockerfile"}, "region": {"startLine": 47}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 29855, "scanner": "repobility-docker", "fingerprint": "6c835321fb53210209b4929582bfd7a6cdb394edc37721b2fb716dbec2eb4d2e", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|6c835321fb53210209b4929582bfd7a6cdb394edc37721b2fb716dbec2eb4d2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker/Dockerfile.bun"}, "region": {"startLine": 33}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 29853, "scanner": "repobility-docker", "fingerprint": "e2756a1aa07f2e29f45c8a1f68bd38c435a51bc51c6ae169ee649c11fb17f502", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": 
"fp|e2756a1aa07f2e29f45c8a1f68bd38c435a51bc51c6ae169ee649c11fb17f502"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-docker/Dockerfile"}, "region": {"startLine": 45}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 29848, "scanner": "repobility-docker", "fingerprint": "8d57384424bb781f7f1ded4d33ea4888305fea2775a7650dcda376a09db31d4c", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|8d57384424bb781f7f1ded4d33ea4888305fea2775a7650dcda376a09db31d4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/Dockerfile"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 29847, "scanner": "repobility-docker", "fingerprint": "8e4d18ab154f7efcf913053274da81281dda3accac598cad9b42ea8cbada4052", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8e4d18ab154f7efcf913053274da81281dda3accac598cad9b42ea8cbada4052"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/Dockerfile"}, 
"region": {"startLine": 10}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 29815, "scanner": "repobility-threat-engine", "fingerprint": "76b5972318feec0db9742672affc01f9a3ac8955f3c54b4f7206e9362c450306", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.log(\"fcm_token\", token)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|2|console.log fcm_token token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/with-firebase-cloud-messaging/utils/webPush.js"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 29812, "scanner": "repobility-threat-engine", "fingerprint": "728194bb9530df382296f01be970c31f7801e96b31c0b1800fda59ef45fa1446", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((post) => `/posts/${post.data.slug}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|728194bb9530df382296f01be970c31f7801e96b31c0b1800fda59ef45fa1446"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cms-builder-io/pages/posts/[slug].js"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 29811, "scanner": "repobility-threat-engine", "fingerprint": "7e78952d42f9d76924717a3eb6964ea54d9068553c7cd30a57ef82ff32078259", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((c) => `${{c}}?dpl=${{process.env.NEXT_DEPLOYMENT_ID}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7e78952d42f9d76924717a3eb6964ea54d9068553c7cd30a57ef82ff32078259"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_manifests/client_reference_manifest.rs"}, "region": {"startLine": 495}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 29810, "scanner": "repobility-threat-engine", "fingerprint": "7e70c491a0c196ff2af5dc6a7a3dcb7e52f5ba9091c165f9bd8b5c767acc10ed", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((entry) => `${entry.route}|${entry.phase}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7e70c491a0c196ff2af5dc6a7a3dcb7e52f5ba9091c165f9bd8b5c767acc10ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/render-pipeline/benchmark.ts"}, "region": {"startLine": 415}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 29804, "scanner": "repobility-threat-engine", "fingerprint": "f2a73dc4d352383fa6bc21e417b870591a32e059acec436c823e31e6533aaedc", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f2a73dc4d352383fa6bc21e417b870591a32e059acec436c823e31e6533aaedc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/nested-deps-app-router-many-pages/create-pages.mjs"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 29445, "scanner": "repobility-threat-engine", "fingerprint": "208c1457c2c293faf05a9e1bb7f1edfd2ab7b268b6470350661be353a81fc430", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|208c1457c2c293faf05a9e1bb7f1edfd2ab7b268b6470350661be353a81fc430"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bench/render-pipeline/analyze-profiles.ts"}, "region": {"startLine": 140}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 29444, "scanner": "repobility-threat-engine", "fingerprint": "b35093bed5614b16aa9f89edeaf64a842ce036275f28afec0ec5e0237cba76b6", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b35093bed5614b16aa9f89edeaf64a842ce036275f28afec0ec5e0237cba76b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/run/collect-stats.js"}, "region": {"startLine": 396}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 29443, "scanner": "repobility-threat-engine", "fingerprint": "ab3968d70a8321738544160f6e79f78dc58c31c93acf779fb4eb47d02151f654", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(\n  u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ab3968d70a8321738544160f6e79f78dc58c31c93acf779fb4eb47d02151f654"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/run/benchmark-url.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 29441, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 30650, "scanner": "repobility-threat-engine", "fingerprint": "fe742ee1696c97a889f01a4cbf53152227d2095f4e6cc4da070e4ae8184f7185", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], 
"precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fe742ee1696c97a889f01a4cbf53152227d2095f4e6cc4da070e4ae8184f7185"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-taskless/src/lib.rs"}, "region": {"startLine": 319}}}]}, {"ruleId": "MINED025", "level": "error", "message": {"text": "[MINED025] Php Eval: eval() executes arbitrary PHP. Code injection."}, "properties": {"repobilityId": 30565, "scanner": "repobility-threat-engine", "fingerprint": "4241944271d9755ee9bd9a6b386edfb9d1e9bdd23b076654639e283428e76f6b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-eval", "owasp": null, "cwe_ids": ["CWE-95"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347956+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 164}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4241944271d9755ee9bd9a6b386edfb9d1e9bdd23b076654639e283428e76f6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/segment_config.rs"}, "region": {"startLine": 623}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. 
Code injection risk."}, "properties": {"repobilityId": 30564, "scanner": "repobility-threat-engine", "fingerprint": "f509a74852aca83a4d172b367a17e578357ed7d5b6aca823be39f00d0a716abc", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f509a74852aca83a4d172b367a17e578357ed7d5b6aca823be39f00d0a716abc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/segment_config.rs"}, "region": {"startLine": 623}}}]}, {"ruleId": "MINED015", "level": "error", "message": {"text": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. 
Code injection."}, "properties": {"repobilityId": 30563, "scanner": "repobility-threat-engine", "fingerprint": "e9315f3ed62d267cf352c4e80314195c19f344c7e22ee587988e9a5d78003601", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-eval-call", "owasp": null, "cwe_ids": ["CWE-95"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347933+00:00", "triaged_in_corpus": 20, "observations_count": 85733, "ai_coder_pattern_id": 161}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e9315f3ed62d267cf352c4e80314195c19f344c7e22ee587988e9a5d78003601"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/segment_config.rs"}, "region": {"startLine": 623}}}]}, {"ruleId": "MINED005", "level": "error", "message": {"text": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. 
Code injection."}, "properties": {"repobilityId": 30560, "scanner": "repobility-threat-engine", "fingerprint": "d99e0720fda278a2189ddaa56a54358792a2693d7a9d498e76bbcbe09f103f20", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "lua-loadstring", "owasp": null, "cwe_ids": ["CWE-95"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347908+00:00", "triaged_in_corpus": 20, "observations_count": 291730, "ai_coder_pattern_id": 169}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d99e0720fda278a2189ddaa56a54358792a2693d7a9d498e76bbcbe09f103f20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/next_font/google/mod.rs"}, "region": {"startLine": 762}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 30559, "scanner": "repobility-threat-engine", "fingerprint": "873864463b08fdc699848dda0b0245030b8ecc6db828f20e528eddb2252d9d3f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|873864463b08fdc699848dda0b0245030b8ecc6db828f20e528eddb2252d9d3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/next-core/src/middleware.rs"}, "region": {"startLine": 112}}}]}, {"ruleId": "SEC084", 
"level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 29916, "scanner": "repobility-threat-engine", "fingerprint": "cf35015711e31abb7c7db2a2889938153de010687f79d015293fd215ec67d91e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(pkgJsonPath", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cf35015711e31abb7c7db2a2889938153de010687f79d015293fd215ec67d91e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/run/index.js"}, "region": {"startLine": 311}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. 
Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 29915, "scanner": "repobility-threat-engine", "fingerprint": "62acf17b60bfa8a376e7079fdd928dce78459d5018ef6a1cc44b0be8710ed182", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(\n        path", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|62acf17b60bfa8a376e7079fdd928dce78459d5018ef6a1cc44b0be8710ed182"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/prepare/load-stats-config.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 29914, "scanner": "repobility-threat-engine", "fingerprint": "237e708a02da69f04627fafcf18742ca67f2e924657f9b58e4b7aa65a1256733", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(GITHUB_EVENT_PATH", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|237e708a02da69f04627fafcf18742ca67f2e924657f9b58e4b7aa65a1256733"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/next-stats-action/src/prepare/action-info.js"}, "region": {"startLine": 73}}}]}]}]}